Rogue Wi-Fi Hotspots

October 17, 2017

India offers two types of Wi-Fi access: free metered access, which requires users to register, and hotspots which do not have any password.

Some of these are Government initiatives, like “Aaple_Sarkar_Mum-WI-FI” in Mumbai, while Google, in conjunction with Indian Railways, is offering free Wi-Fi services at railway stations across India. Furthermore, coffee shops, bookstores and hotels have also been providing free Wi-Fi access.

The common factors are:

  1. These services require registration and authentication
  2. Located at Public Places.

Providing free Wi-Fi has been the best move by the Government for this social-networking-crazed generation, which has been using it for accessing Facebook, Instagram, WhatsApp etc. However, it shouldn’t take long for cyber criminals to realize the huge potential of gaining access to the network traffic by implementing Rogue Wi-Fi hotspots.

Rogue Wi-Fi hotspots could be turned into surveillance systems and could also be used to inject malicious content / advertisements into the network traffic. It is not just researchers who have demonstrated this; organizations too have injected traffic into the network in the past. What would stop criminals from using the same technology to monetize this craze for free Wi-Fi?

Privacy concerns are raised by the elite few, while most others turn a blind eye as long as they don’t have to pay a dime for Internet access. This has been aptly proved by the 4G boom, with free offerings by all the telcos, which ultimately resulted in market consolidation vis-à-vis data pricing.

In these trying times, when every bit of data can help build up your personal profile, it would pay in the long run for everyone to exercise caution while accessing the Internet. Moreover, caution is not limited to accessing the Internet: apps and their system-level permissions also play an important role in securing your privacy.

Rogue Wi-Fis are very difficult to detect since they leak very little information, and it is very much possible that criminals will replicate a legitimate SSID in order to lure unsuspecting victims into their trap. It is also very probable that the Rogue Wi-Fi wouldn’t ask for registration / authentication, which should alert users that something is amiss.
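One way to check a scan for the replicated-SSID case described above, as an added example that is not part of the original post. The baseline of operator-supplied BSSIDs, the scan records and the function names are all hypothetical and constructed for illustration.

```python
import re

# Hypothetical baseline a venue operator could publish: SSID -> (security, known BSSIDs).
BASELINE = {
    "Aaple_Sarkar_Mum-WI-FI": ("OPEN", {"02:00:5e:10:00:01", "02:00:5e:10:00:02"}),
}

# Constructed scan records (ssid, bssid, security); not captured from a real network.
SCAN = [
    ("Aaple_Sarkar_Mum-WI-FI", "02:00:5e:10:00:01", "OPEN"),
    ("Aaple_Sarkar_Mum-WI-FI", "02:00:5e:10:00:02", "OPEN"),
    ("Aaple_Sarkar_Mum-WI-FI", "06:aa:bb:cc:dd:ee", "OPEN"),  # same name, unknown radio
    ("Aaple_Sarkar_Mum-WIFI", "06:aa:bb:cc:dd:ef", "OPEN"),   # lookalike name
    ("CoffeeShop_Guest", "02:00:5e:20:00:01", "WPA2"),        # unrelated network
]

def canon(ssid):
    """Fold case and punctuation so near-identical names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def audit(scan, baseline):
    """Return sorted (bssid, ssid, reason) findings for networks imitating a baseline SSID."""
    by_canon = {canon(name): name for name in baseline}
    findings = []
    for ssid, bssid, security in scan:
        real = by_canon.get(canon(ssid))
        if real is None:
            continue                          # nothing in the baseline to compare with
        expected_security, known_bssids = baseline[real]
        if ssid != real:
            findings.append((bssid, ssid, "lookalike SSID"))
        elif bssid.lower() not in known_bssids:
            findings.append((bssid, ssid, "unknown BSSID"))
        elif security != expected_security:
            findings.append((bssid, ssid, "security mismatch"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SCAN, BASELINE):
        print(finding)
```

A BSSID can be cloned as well, so an empty result does not prove a hotspot is genuine; the check only catches the cases where the imitation differs from what the operator published.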

How to use Free Wi-Fi:

  1. Implement VPN on your devices / laptops
  2. Keep a separate Cell Number for accessing the Wi-Fi as most of them rely on OTP sent as an SMS to the registered number. It should be different from the one used for Banking Transactions.
  3. Verify the App Permissions before installing them on your device.
  4. Never conduct banking transactions through Free WI-FI; one may never know who is sniffing your traffic.
  5. Always keep your Phone Antivirus updated to ensure maximum efficiency.
  6. When in doubt about a particular SSID, do ask the owner of the shop who is providing this service and you may always choose to disconnect immediately.

 


Krack Attack – Wi-Fi Vulnerability Affecting WPA

October 17, 2017

WEP has been considered to be a flawed encryption scheme, and Wi-Fi implementations have always concentrated on implementing the WPA encryption standard so as to ensure a secure Wi-Fi communication channel. However, researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have recently found multiple flaws in WPA encryption which would allow hackers to decode the traffic and inject malicious packets into the secure WPA communications channel.

The vulnerabilities themselves are related to the WPA protocol standard, which allows attackers to force devices to reissue the nonce, effectively forcing the devices to initiate Key Reissue Attacks (KRACK).

This weakness in the protocol allows attackers to sniff the traffic traversing between devices and access points, while the worst-case scenario is injection of malware into websites. The vulnerability affects all devices running Windows, macOS, iOS, Android and Linux. Due to the devastating implications of this vulnerability, vendors have been quick to respond and have made patches available to mitigate these vulnerabilities.
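A toy model of the reissued nonce described above, with the unpatched key-install behaviour beside the patched one. This is an added example, not code from the original post or from the researchers; the SHA-256 keystream is a stand-in for the AES counter mode used by WPA2's CCMP, and the class, key and plaintexts are hypothetical and constructed.

```python
import hashlib

def keystream(key, pn, n):
    """Stand-in for CCMP's AES-CTR: n keystream bytes fixed by (key, packet number)."""
    out, block = b"", 0
    while len(out) < n:
        seed = key + pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hashlib.sha256(seed).digest()
        block += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    """Hypothetical station that numbers frames with a packet number (the nonce)."""
    def __init__(self, hardened):
        self.hardened, self.key, self.pn = hardened, None, 0

    def install_key(self, key):
        """Runs whenever the handshake message that delivers the key arrives."""
        if self.hardened and key == self.key:
            return                   # patched: key already in use, keep counting
        self.key, self.pn = key, 0   # unpatched: reinstalling resets the nonce

    def send(self, plaintext):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))

P1 = b"GET /login HTTP/1.1"          # constructed plaintexts of equal length
P2 = b"user=alice&pw=demo1"

def run(hardened):
    """Send P1, receive a replayed key-delivery message, send P2; return both frames."""
    client = Client(hardened)
    key = b"constructed-session-key"  # constructed value, not a real session key
    client.install_key(key)
    first = client.send(P1)
    client.install_key(key)           # the same handshake message, delivered again
    return first, client.send(P2)

def nonce_reused(frames):
    pns = [pn for pn, _ in frames]
    return len(pns) != len(set(pns))

def leaks_plaintext_xor(frames):
    """True when XORing the two ciphertexts cancels the keystream entirely."""
    (_, c1), (_, c2) = frames
    return xor(c1, c2) == xor(P1, P2)
```

The key is identical in both runs, which is why changing the Wi-Fi password does not help while a client that refuses to reinstall a key already in use never repeats a nonce.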

Identifiers:

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082
  • CVE-2017-13084
  • CVE-2017-13086
  • CVE-2017-13087
  • CVE-2017-13088

More can be read about this research here: https://www.krackattacks.com/

Vendors:

Microsoft:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Ubuntu:

https://usn.ubuntu.com/usn/usn-3455-1/

Redhat:

https://access.redhat.com/security/cve/cve-2017-13080

Intel:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr

Advisory:

  1. Patch your devices as and when the patches are made available
  2. Since this is a protocol-level vulnerability, changing the password wouldn’t help in mitigating the attacks.

 


eScan recognized as the fastest growing Youth Brand

September 29, 2017

MUMBAI, India – September 29, 2017 – eScan IT security solution received the 6th Brand Slam Award as the fastest growing youth brand in India, at the 6th Indira Brand Slam 2017, an annual marketing gathering. The 6th Indira Brand Slam is presented by Indira Group & CMO Asia and endorsed by World Federation of Marketing Professionals & World Sustainability. Every year the event attracts stalwarts from the corporate world, like Cisco Systems India, Panasonic India, Bajaj Corporation Ltd., Viacom 18 Pvt. Ltd. etc., from various sectors and is attended by over 1500 management students of IGI.

Shree Chanakya Education Society’s “Indira Group of Institutes”, Pune is recognized as one of the leading educational institutes, imparting science, technology, management studies etc. for the last 25 years. The World Federation of Marketing Professionals is an independent, not-for-profit networking body to effectively promote the interests of marketers in general. The CMO Asia is an organization dedicated to high-level knowledge exchange through leadership & networking amongst CMOs across industry segments.

“Purposeful Purpose – Towards Sustainability for Sustenance” was the theme of the event, which discussed the innovations in branding that have led to greater market penetration and reach to the customer. The event recognized various brands from across sectors that have reinvented themselves & iconize brand leadership. eScan was one of the corporates recognized for their futuristic products and solutions in the field of technology.

The award reinstates eScan as the preferred brand of security solutions for new-age millennials, who have been at the forefront, due to its global quality standards and ease of use.

On this occasion, Mr Sunil Kripalani, Sr. Vice President Global Sales and Marketing, eScan said, “We are humbled to receive this award at the 6th Indira Brand Slam 2017. The award reiterates our efforts in providing quality and innovative products at par with global standards for safeguarding our users from the growing cyber threats.”

# # # 

About eScan

eScan is an ISO (27001) certified pure play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts of a robust channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provide proactive protection against the ever-evolving cyber threats. eScan provides a 24×7 free remote support facility to give its esteemed users real-time solutions for security-related issues. For more information, visit www.escanav.com


eScan Android app launched to reward its partners

September 20, 2017

MUMBAI, India – September 20, 2017 – eScan – Total Security Solution has launched its much sought after “eScan TPN” (Touch Point Network) app for the ease and convenience of its valued partners. eScan TPN, a loyalty program, rewards its partners for every activation of eScan box products. The partners can use the accumulated points to redeem their choice of eScan products available on the portal.

The App is designed to provide a single interface for the partners to keep track and manage eScan activations, renewals, purchases, channel offers & technical support with a single click. It is created to enhance partner experience with eScan product and services. The app helps the partners by saving their valuable time and cost by proactively providing all information on a single dashboard.

The app also periodically updates the various partner programs rolled out by eScan, and helps the partners to know it instantly and participate in the offer, which further adds to their profitability.

 The key features of this app are:

  • Redeem reward points instantly using the app
  • Offline product activation with QR code
  • Know more about current channel promotional offers
  • Place orders directly using the app
  • Share valuable feedback directly with eScan
  • Find the nearest technical support touch point for quick support

According to Mr Govind Rammurthy, CEO & MD of eScan, “In our constant effort to increase partner satisfaction, we have launched this app to provide them with single interface reach for many activities, such as sales, support, marketing & tracking renewals. This single app empowers them now to manage their customers better and reach out to eScan with a single click.”

eScan TPN app is available for Android users and can be downloaded via Google Play Store. (https://play.google.com/store/apps/details?id=com.escan.tpn&hl=en)

# # #



eScan detects a new Locky variant – YKCOL

September 19, 2017

A new variant of Locky Ransomware has been discovered and has been spreading through a spam campaign with the subject line “Status of Invoice”. Moreover, the attachments are compressed using 7z rather than .zip, the format which normal users can easily uncompress.

Ykcol also tries to delete the Shadow Volume Copies so as to prevent the user from recovering the encrypted files. However, there would be instances when deletion of the Shadow Volume Copies fails, and victims would be lucky enough to recover from this attack.

MS Windows natively provides users with the ability to extract files from .zip archives, while users have to install 7z in order to extract from 7z archives. Because of this, it seems this particular Locky campaign would not have a major impact.

Extension: .ykcol (reverse of the word Locky)

Filename Format: [first_8_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[next_4_hexadecimal_chars_of_id]-[4_hexadecimal_chars]-[12_hexadecimal_chars]
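A triage helper built on the extension and filename layout given above, as an added example that is not part of the original post. It assumes the hexadecimal characters may appear in either case; the function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Layout from the post: 8-4-4-4-12 hexadecimal characters plus the .ykcol extension.
# Assumption: either letter case is accepted, since the post does not specify one.
YKCOL = re.compile(
    r"^([0-9A-F]{8})-([0-9A-F]{4})-([0-9A-F]{4})-[0-9A-F]{4}-[0-9A-F]{12}\.ykcol$",
    re.IGNORECASE,
)

def embedded_id(name):
    """Return the 16 ID characters carried in a renamed file, or None if no match."""
    match = YKCOL.match(name)
    return "".join(match.groups()).upper() if match else None

def triage(root):
    """Walk root and count matching files per directory and per embedded ID."""
    per_dir, per_id = Counter(), Counter()
    for folder, _subdirs, files in os.walk(root):
        for name in files:
            found = embedded_id(name)
            if found:
                per_dir[os.path.relpath(folder, root)] += 1
                per_id[found] += 1
    return dict(per_dir), dict(per_id)

def demo():
    """Build a constructed directory tree in a temp folder and triage it."""
    tree = {
        "docs": ["A1B2C3D4-E5F6-0718-9A0B-1C2D3E4F5061.ykcol",
                 "A1B2C3D4-E5F6-0718-77AA-0123456789AB.ykcol",
                 "report.docx"],
        "pics": ["a1b2c3d4-e5f6-0718-0001-aabbccddeeff.ykcol",
                 "holiday.ykcol"],   # right extension, wrong layout: not counted
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in tree.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The per-directory counts show which shares or folders need restoring from backup, and more than one embedded ID under the same root points to more than one infected machine writing there.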

Unfortunately, as of this time, it is not possible to decrypt .ykcol for free.

Prevention Measures:

  • Administrators should block all executable files from being transmitted via emails.
  • Administrators should isolate the affected system in the Network.
  • Administrator can restore the encrypted files from the backup or from system restore point (if enabled) for affected systems.
  • Install and Configure eScan with all security modules active:
      1. eScan Real Time Monitoring
      2. eScan Proactive protection
      3. eScan Firewall IDS/IPS Intrusion prevention
  • Users shouldn’t enable macros in documents.
  • Organizations should deploy and maintain a backup solution.
  • Most important, Organizations should implement MailScan at the Gateway Level for mail servers, to contain the spread of suspicious attachments.
